Lucene search
K

159 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.4 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

7.5CVSS5.9AI score0.0025EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/01 3:31 p.m.4 views

EUVD-2026-17901

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

7.5CVSS5.9AI score0.0025EPSS
Exploits1References2
NVD
NVD
added 2026/04/01 3:22 p.m.3 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

7.5CVSS0.0025EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.21 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

0.0025EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/01 12:0 a.m.1 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

5.9AI score0.0025EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/12 2:50 p.m.7 views

kora-lib: Token-2022 Transfer Fee Not Deducted During Payment Verification

Summary When a user pays transaction fees using a Token-2022 token with a TransferFeeConfig extension, Kora's verifytokenpayment credits the full raw transfer amount as the payment value. However, the on-chain SPL Token-2022 program withholds a portion of that amount as a transfer fee, so the...

5.8AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/02/11 7:15 p.m.8 views

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

8.1CVSS0.00351EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.5 views

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

8.1CVSS5.9AI score0.00351EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.23 views

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

0.00351EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.5 views

CVE-2021-33403

An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large accounts during a transaction...

7.5CVSS7.1AI score0.01196EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:46 a.m.3 views

CVE-2025-14070

The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sendtestemail' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

7.5CVSS6AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.9 views

CVE-2025-1766

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'paymentcomplete' function in all versions up to, and including, 4.0.24. This makes it possible for unauthenticated...

5.3CVSS7.2AI score0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-6525

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00464EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-23361

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00303EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2025/08/07 9:45 a.m.3 views

Malwarebytes earns MRG Effitas Android 360° Certificate for mobile threat detection

We’re excited to announce that MRG Effitas, a globally recognized security assessment firm, has awarded Malwarebytes the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security. Our mobile protection received the highest marks, achieving a...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/03 2:14 p.m.7 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

5.4CVSS6.2AI score0.00303EPSS
Exploits1References1
NVD
NVD
added 2025/08/01 2:15 p.m.5 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

5.4CVSS0.00303EPSS
Exploits1References2
CVE
CVE
added 2025/08/01 12:0 a.m.19 views

CVE-2025-46018

CVE-2025-46018 affects CSC Pay Mobile App, version 2.19.4 (fixed in 2.20.0). A vulnerability in the Bluetooth-based payment authentication module allows a user to bypass payment authorization by disabling Bluetooth at a specific point during a transaction, potentially enabling unauthorized use of...

5.4CVSS6.4AI score0.00303EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.3 views

Opay Mobile application 安全漏洞

Opay Mobile application is a lightweight application from Opay Inc. It is used to manage all banking or payment requirements. A security vulnerability exists in Opay Mobile application version 2.19.4, which originated from allowing a user to bypass payment authorization by disabling Bluetooth at ...

5.4CVSS6.5AI score0.00303EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/08/01 12:0 a.m.4 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

6.2AI score0.00303EPSS
Exploits1References2
Rows per page
Query Builder